HOW IMPORTANT IS YOUR DATA?


Years of family photos. Your entire music 
and movie collection. Office documents 
you've put hours of work into. Backups for 
every computer you own. We ask again, how 
important is your data? 


NOW IMAGINE LOSING IT ALL 


Losing one bit - that's all it takes. One single bit, and
your file is gone.

The worst part? You won't know until you
absolutely need that file again.

[Figure: Example of one-bit corruption]





THE SOLUTION 


The FreeNAS Mini has emerged as the clear choice to
save your digital life. No other NAS in its class offers
ECC (error correcting code) memory and ZFS bitrot
protection to ensure data always reaches disk
without corruption and never degrades over time.

No other NAS combines the inherent data integrity
and security of the ZFS filesystem with fast on-disk
encryption. No other NAS provides comparable power
and flexibility. The FreeNAS Mini is, hands-down, the
best home and small office storage appliance you can
buy on the market. When it comes to saving your
important data, there simply is no other solution.

The Mini boasts these state-of-the-art features:

- Up to 16TB of storage capacity
- 16GB of ECC memory (with the option to upgrade
  to 32GB)
- 2x 1 Gigabit network controllers
- Remote management port (IPMI)
- Tool-less design; hot swappable drive trays
- FreeNAS installed and configured
CERTIFIED
STORAGE


With over six million downloads, 
FreeNAS is undisputedly the most 
popular storage operating system 
in the world. 


Sure, you could build your own FreeNAS system:
research every hardware option, order all the
parts, wait for everything to ship and arrive, vent at
customer service because it hasn't, and finally build it
yourself while hoping everything fits - only to install
the software and discover that the system you spent
days agonizing over isn't even compatible. Or...


MAKE IT EASY ON YOURSELF 


As the sponsors and lead developers of the FreeNAS 
project, iXsystems has combined over 20 years of
hardware experience with our FreeNAS expertise to 
bring you FreeNAS Certified Storage. We make it 
easy to enjoy all the benefits of FreeNAS without 
the headache of building, setting up, configuring, 
and supporting it yourself. As one of the leaders in 
the storage industry, you know that you're getting the 
best combination of hardware designed for optimal 
performance with FreeNAS. 


Every FreeNAS server we ship is... 


» Custom built and optimized for your use case 

» Installed, configured, tested, and guaranteed to work out 
of the box 

» Supported by the Silicon Valley team that designed and 
built it 

» Backed by a 3-year parts and labor limited warranty





Contact us today for a FREE Risk
Elimination Consultation with one of our FreeNAS 
experts. Remember, every purchase directly supports 
the FreeNAS project so we can continue adding 
features and improvements to the software for years 
to come. And really - why would you buy a FreeNAS 
server from anyone else? 
FreeNAS 1U
- Intel® Xeon® Processor E3-1200v2 Family
- Up to 16TB of storage capacity
- 16GB ECC memory (upgradable to 32GB)
- 2x 10/100/1000 Gigabit Ethernet controllers
- Redundant power supply

FreeNAS 2U
- 2x Intel® Xeon® Processors E5-2600v2 Family
- Up to 48TB of storage capacity
- 32GB ECC memory (upgradable to 128GB)
- 4x 1GbE Network interface (Onboard) -
  (Upgradable to 2 x 10 Gigabit Interface)
- Redundant Power Supply











http://www.iXsystems.com/storage/freenas-certified-storage/ 


Intel, the Intel logo, the Intel Inside logo and Xeon are trademarks of Intel Corporation in the U.S. and/or other countries. 





EDITORS’ WORD 


Dear Readers, 


The BSD Magazine team is pleased to announce
the launch of the next issue of BSD Magazine.
A lot of tutorials and practice-rich articles are
included in this issue to help you develop your skills
and knowledge. Our ultimate goal is to provide our
readers with exactly the knowledge and skills they
need in their IT careers. Hence, we will be very glad
to receive your suggestions for workshops, tutorials,
what you need most, etc.

Let's take a look at what you will learn in this issue.

Our experts will teach you how to build nodejs from
source code on FreeBSD. In addition, you will discover
ZFS Pool Configuration and how to create a RAIDZ2
of ten drives.

In addition, you will develop a basic understanding
of the project management tool, Basecamp, as well as
learn how to get up to speed quickly with Basecamp
so that you can start realizing its benefits.


We wish to say “Thank You” and express our gratitude 
to our experts who contributed to this issue and to our 
coming issues. We invite other experts for collaboration 
for the next issue, due out in 4 weeks. 


Stay tuned, we have two special issues that will be 
published soon. 


Enjoy reading, 
Ewa & BSD Team 
IN BUSINESS

FreeNAS in an Enterprise Environment

By the time you're reading this, FreeNAS has been downloaded
more than 5.5 million times. For home users, it's become an
indispensable part of their daily lives, akin to the DVR.
Meanwhile, all over the world, thousands of businesses,
universities, and government departments use FreeNAS to
build effective storage solutions in myriad applications.

What you will learn...

- How TrueNAS builds off the strong points of the FreeBSD and
  FreeNAS operating systems
- How TrueNAS meets modern storage challenges for enterg


The FreeNAS operating systems is fre
the public and offers thorough doct
active community, and a feature-rig
the storage environment. Based on Free
can share over a host of protocols (SM
FTP, iSCSI, etc) and features an intuiti
the ZFS file system, a plug-in system
much more.

Despite the massive popularity
aren't aware of its big brother dut
data in some of the most demand
environments: the proven, enterp
professionally-supported line of
But what makes TrueNAS diffe
Well, I'm glad you asked...

Commercial Grade Supp
When a mission critical stor
organization's whole opera
and running in a timely
responsiveness and expe
dedicated support tea
provide that safety.

Created by the sa

THE PEOPLE WHO DEVELOP FREENAS, THE WORLD'S MOST
POPULAR STORAGE OS, HAVE JUST REVAMPED TRUENAS.

POWER WITHOUT CONTROL MEANS NOTHING.
TRUENAS STORAGE GIVES YOU BOTH.

- Self-Healing Filesystem
- Hybrid Flash Acceleration
- High Availability
- Qualified for VMware and
- Up Front (no hidden licensing fees)
- Works Great With Citrix XenServer®

To learn more, visit: www.iXsystems.com/truenas 





POWERED BY INTEL® XEON® PROCESSORS 


Intel, the Intel logo, Intel Xeon and Intel Xeon inside are trademarks of Intel Corporation in the U.S. and/or other countries.
VMware and VMware Ready are registered trademarks or trademarks of VMware, Inc. in the United States and other jurisdictions.
Citrix makes and you receive no representations or warranties of any kind with respect to the third party products, its functionality, the test(s) or the results
there from, whether expressed, implied, statutory or otherwise, including without limitation those of fitness for a particular purpose, merchantability,
non-infringement or title. To the extent permitted by applicable law. In no event shall Citrix be liable for any damages of any kind whatsoever arising out
of your use of the third party product, whether direct, indirect, special, consequential, incidental, multiple, punitive or other damages.
FreeBSD and NodeJS
NodeJS and FreeBSD — Part 1


David Carlier 

Nodejs is well known to allow building server applications in full 
JavaScript. In this article, we'll see how to build nodejs from 
source code on FreeBSD. You will need autoconf tools, GNU 
make, Python, linprocfs enabled and libexecinfo installed. GCC/ 
G++ compiler suite (C++11 compliant, ideally 4.8 series or above) 
or possibly clang can be used to compile the whole source. 


Project management 


Basecamp — Project Management 
for the Sane 

Troy Hipolito 

In this tutorial, we will dive into a basic understanding of 
Basecamp (a project management tool we use), as well as learn 
how to get up to speed quickly so that you can start realizing 
the benefits of the program, among which are centralizing 
communications, reducing the frequency of meetings, facilitating 
team coordination on projects, and providing transparency on 
timelines. 


Expert says... 


A Complete Guide to FreeNAS 
Hardware Design, Part III: Pools,
Performance, and Cache 
Joshua Paetzel 

ZFS storage pools are comprised of vdevs which are striped
together. vdevs can be single disks, N-way mirrors, RAIDZ
(similar to RAID5), RAIDZ2 (similar to RAID6), or RAIDZ3
(there is no hardware RAID analog to this, but it's a triple parity
stripe essentially). A key thing to know here is a ZFS vdev gives
the IOPs performance of one device in the vdev. That means
that if you create a RAIDZ2 of ten drives, it will have the capacity
of 8 drives but it will have the IOPs performance of a single drive.


Security Corner


Does your Information Belong 
to the CIA Triad? 

Rob Somerville 

Confidentiality, Integrity and Availability are the three pillars 
of Information Security. In this article, we pose a number of 
scenarios to you, the IT professional, and ask “What would 
you do”? Every environment is different, so we will not provide 
any answers. Rather, we want to stimulate thought and debate 
around the ethics that Donn Parker says are missing from the 
computer center. 


Other Technologies 


Google Earth Forensics Using Google 
Earth Geo-Location in Digital Forensic 
Investigations Digital Forensics 101 

Michael Harrington and Michael Cross 
Digital Forensics is a branch of forensic science that focuses on 
the recovery, examination, and investigation of evidence stored 
on computers and other digital devices, as well as various media 
that may have been used to store data. Although it is commonly 
associated with criminal investigations, digital forensics has 
been used in civil cases, internal investigations, tribunals, and 
other inquiries or forums that require an exploration of data. 
Column
Could Turn the Engines off at 35,000 Feet
Rob Somerville
Whether you're an enterprise developer, work for a commercial
software company, or are driving your own startup, if you want to build
Android apps, you need to attend AnDevCon!

ANDEVCON
July 29-31, 2015
Sheraton Boston
Right after Google IO!
Earn your Certificate!

- Choose from more than 75 classes and in-depth tutorials
- Meet Google and Google Development Experts
- Network with speakers and other Android developers
- Check out more than 50 third-party vendors
- Women in Android Luncheon
- Panels and keynotes
- Receptions, ice cream, prizes and more (plus lots of coffee!)

—Kelvin De Moya, Sr. Software Developer, Intellisys
—Margaret Maynard-Reid, Android Developer, Dyne, Inc.
FREEBSD AND NODEJS

NodeJS and FreeBSD - Part 1

Nodejs is well known to allow building server applications
in full JavaScript. In this article, we'll see how to build
nodejs from source code on FreeBSD. You will need
autoconf tools, GNU make, Python, linprocfs enabled
and libexecinfo installed. GCC/G++ compiler suite (C++11
compliant, ideally 4.8 series or above) or possibly clang
can be used to compile the whole source.


To start, we need the nodejs source code from this
URL, http://www.nodejs.org/dist/latest, where we can
find this archive (at the time of writing, the latest
known version is 0.12.2): node-v<version>.tar.gz.
Be patient: you have enough time for a cup
of coffee, as the compilation can take quite a while...
Once the archive is downloaded and extracted, the famous
command trio needs to be typed:


./configure --dest-os=freebsd
gmake
gmake install


It looks pretty straightforward at first glance. On FreeBSD,
however, compiling v8 produces some errors:


clang++ '-DV8_TARGET_ARCH_X64' '-DENABLE_DISASSEMBLER'
'-DENABLE_HANDLE_ZAPPING' -I../deps/v8 -pthread
-Wall -Wextra -Wno-unused-parameter -m64 -fno-strict-aliasing
-I/usr/local/include -O3 -ffunction-sections
-fdata-sections -fno-omit-frame-pointer -fdata-sections
-ffunction-sections -O3 -fno-rtti -fno-exceptions -MMD
-MF /root/node-v0.12.2/out/Release/.deps//root/node-v0.12.2/out/Release/obj.target/v8_libbase/deps/v8/src/base/platform/platform-freebsd.o.d.raw
-c -o /root/node-v0.12.2/out/Release/obj.target/v8_libbase/deps/v8/src/base/platform/platform-freebsd.o
../deps/v8/src/base/platform/platform-freebsd.cc

../deps/v8/src/base/platform/platform-freebsd.cc:159:11:
error: member reference base type 'int' is not a
structure or union
    result.push_back(SharedLibraryAddress(start_of_path,
start, end));
    ~~~~~~^~~~~~~~~~

../deps/v8/src/base/platform/platform-freebsd.cc:191:53:
error: use of undeclared identifier 'MAP_NORESERVE'
    MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
    ^

../deps/v8/src/base/platform/platform-freebsd.cc:263:48:
error: use of undeclared identifier 'MAP_NORESERVE'
    MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
    ^

../deps/v8/src/base/platform/platform-freebsd.cc:291:40:
error: use of undeclared identifier 'MAP_NORESERVE'
    MAP_PRIVATE | MAP_ANON | MAP_NORESERVE |
MAP_FIXED,
    ^

4 errors generated.

OK, so the result variable ought to be a std::vector, but
the compiler wrongly treats it as an int; furthermore, a wrong
mmap flag is used. Let's fix it!


std::vector<SharedLibraryAddress> result;
static const int MAP_LENGTH = 1024;
int fd = open("/proc/self/maps", O_RDONLY);
if (fd < 0) return result;
while (true) {
  char addr_buffer[11];
  addr_buffer[0] = '0';
  addr_buffer[1] = 'x';
  addr_buffer[10] = 0;
  // This int shadows the vector named result declared above.
  int result = read(fd, addr_buffer + 2, 8);
  if (result < 8) break;
  unsigned start = StringToLong(addr_buffer);
  result = read(fd, addr_buffer + 2, 1);
  if (result < 1) break;
  if (addr_buffer[2] != '-') break;
  result = read(fd, addr_buffer + 2, 8);
  if (result < 8) break;
  unsigned end = StringToLong(addr_buffer);
  char buffer[MAP_LENGTH];
  int bytes_read = -1;
  do {
    bytes_read++;
    if (bytes_read >= MAP_LENGTH - 1)
      break;
    result = read(fd, buffer + bytes_read, 1);

Apparently, there are two different variables with the
same name. Let's rename the second one, the int, to res
for example, so that the vector variable result can legitimately
call the push_back method. That fixes the first error.


std::vector<SharedLibraryAddress> result;
static const int MAP_LENGTH = 1024;
int fd = open("/proc/self/maps", O_RDONLY);
if (fd < 0) return result;
while (true) {
  char addr_buffer[11];
  addr_buffer[0] = '0';
  addr_buffer[1] = 'x';
  addr_buffer[10] = 0;
  // Renamed from result to res, so the vector is no longer shadowed.
  int res = read(fd, addr_buffer + 2, 8);
  if (res < 8) break;
  unsigned start = StringToLong(addr_buffer);
  res = read(fd, addr_buffer + 2, 1);
  if (res < 1) break;
  if (addr_buffer[2] != '-') break;
  res = read(fd, addr_buffer + 2, 8);
  if (res < 8) break;
  unsigned end = StringToLong(addr_buffer);
  char buffer[MAP_LENGTH];
  int bytes_read = -1;
  do {
    bytes_read++;
    if (bytes_read >= MAP_LENGTH - 1)
      break;
    res = read(fd, buffer + bytes_read, 1);


Let's have a look at the mmap problem.

MAP_NORESERVE is a specific flag which asks that no
swap space be reserved for the mapping. However, it is
a flag usable on Linux and Solaris/SunOS, not on FreeBSD.


// Before
mmap(OS::GetRandomMmapAddr(),
     size,
     PROT_NONE,
     MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
     kMmapFd,
     kMmapFdOffset);

// After
mmap(OS::GetRandomMmapAddr(),
     size,
     PROT_NONE,
     MAP_PRIVATE | MAP_ANON,
     kMmapFd,
     kMmapFdOffset);

// Before
void* reservation = mmap(OS::GetRandomMmapAddr(),
                         request_size,
                         PROT_NONE,
                         MAP_PRIVATE | MAP_ANON | MAP_NORESERVE,
                         kMmapFd,
                         kMmapFdOffset);

// After
void* reservation = mmap(OS::GetRandomMmapAddr(),
                         request_size,
                         PROT_NONE,
                         MAP_PRIVATE | MAP_ANON,
                         kMmapFd,
                         kMmapFdOffset);
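
An alternative to deleting the flag outright, shown here as an added example (it is not code from the article or from the V8 sources): guard MAP_NORESERVE with the preprocessor, so the same source builds where the flag is undeclared and keeps it on Linux and Solaris. The names kNoReserve, ReserveRegion, CommitRegion, ReleaseRegion and ReserveCommitRoundTrip are hypothetical.

```cpp
// Added example: portable address-space reservation with an optional
// MAP_NORESERVE. All helper names are hypothetical, not V8's.
#include <sys/mman.h>
#include <unistd.h>
#include <cstddef>
#include <cstring>

// Where the system headers do not define MAP_NORESERVE (the cause of the
// "undeclared identifier" errors above), fall back to 0 so that OR-ing it
// into the flags is a no-op instead of a compile error.
#ifdef MAP_NORESERVE
static const int kNoReserve = MAP_NORESERVE;
#else
static const int kNoReserve = 0;
#endif

// Some systems only spell the anonymous-mapping flag MAP_ANONYMOUS.
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
#define MAP_ANON MAP_ANONYMOUS
#endif

// Reserve address space without making it accessible. PROT_NONE means any
// stray read or write into the region faults until it is committed.
void* ReserveRegion(size_t size) {
  void* p = mmap(nullptr, size, PROT_NONE,
                 MAP_PRIVATE | MAP_ANON | kNoReserve, -1, 0);
  return p == MAP_FAILED ? nullptr : p;
}

// Make part of a reserved region readable and writable.
bool CommitRegion(void* base, size_t size) {
  return mprotect(base, size, PROT_READ | PROT_WRITE) == 0;
}

// Give the whole reservation back to the kernel.
bool ReleaseRegion(void* base, size_t size) {
  return munmap(base, size) == 0;
}

// Reserve 16 pages, commit only the first one, write to it, then release
// everything. Returns true when every step succeeded.
bool ReserveCommitRoundTrip() {
  long page = sysconf(_SC_PAGESIZE);
  if (page <= 0) return false;
  size_t page_size = static_cast<size_t>(page);
  size_t size = 16 * page_size;

  char* base = static_cast<char*>(ReserveRegion(size));
  if (base == nullptr) return false;

  bool ok = CommitRegion(base, page_size);
  if (ok) {
    memset(base, 0xAB, page_size);
    ok = static_cast<unsigned char>(base[page_size - 1]) == 0xAB;
  }
  // The other 15 pages were never committed and stay PROT_NONE.
  return ReleaseRegion(base, size) && ok;
}

int main() {
  return ReserveCommitRoundTrip() ? 0 : 1;
}
```
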


Once every mmap call has been modified, we can retry
compiling. However, we get another compilation error.
This time, the code casts the return value of pthread_self to an int.


deps/v8/src/base/platform/platform-posix.cc:331:10: error:
static_cast from 'pthread_t' (aka 'pthread *') to 'int'
is not allowed


  return static_cast<int>(pthread_self());


The problem is that, on FreeBSD, the pthread_t type is not an
integral type at all but a pointer to an opaque struct (the
'pthread *' in the error message).
Instead, we might replace this line with:


return static_cast<int>(reinterpret_cast<intptr_t>(pthread_self()));


Now we are finally able to compile. After a couple of minutes,
it is finished, but we still have one source file to update:
lib/dns.js. Add these two lines after line 127:


if (process.platform === 'freebsd' && family !== 6)
  hints &= ~exports.V4MAPPED;


Because FreeBSD does not support this flag, it ought to
be cleared. That is all for the compilation, and node is ready
to be used. Next time, we'll take a look at building
applications and see the potential of this library.





David Carlier has been working as a software developer since 2001.
He has used FreeBSD for more than 10 years and, starting this year,
became involved with the HardenedBSD project and performed
serious developments on FreeBSD. He worked for a mobile product
company that provides C++ APIs for two years in Ireland. From this,
he became completely inspired to develop on FreeBSD.
Download the latest ISO Interactive white paper. There you
will find a company description, capabilities, visuals,
development process, case insights, and technology definitions.
- ISO White Paper: www.isointeractive.com/pdf
- ISO Video: www.isointeractive.com/#showreel
- ISO Website: www.isointeractive.com


ISO Interactive are award winning consultants that build engaging
mobile and web experiences. Known for small to large opportunities
using Unity, Flash, HTML5 and traditional web programming,
they have built very cool virtual worlds, 3D simulations, mobile apps,
social games and web designs.
Overview

In this tutorial, we will dive into a basic understanding of
Basecamp (a project management tool we use), as well as
learn how to get up to speed quickly so that you can start
realizing the benefits of the program, among which are
centralizing communications, reducing the frequency of
meetings, facilitating team coordination on projects, and
providing transparency on timelines.

We do have more detailed information concerning the
project management role and methods that work best for
your organization in my previous article located at:
http://sdjournal.org/download/2011-pentest-extra-issues/.
Feel free to check it out as there is good information on
project management organization and methods.

Speaking of... Project management is one area we have
a lot of experience in. We believe project management is
a major factor in determining success of the project. This is
especially true for complex and technical endeavors.


www.bsdmag.org 





Now I am not taking away from the great designers
and developers, but having these is more of a norm.
Great designers and developers need unification and
sometimes direction to keep goals, budgets and timelines
reasonable.

Our groups have worked in corporate as well as the
agency scenarios. To be honest, we favor an agency style
as it has more of a startup feel and allows us to get our
hands dirty. This allows some control to drive tasks and
better target success.

Corporate project management is, in our view, more about
reporting to a number of bosses than actual management.
It's different due to the structure and size of the
client/partner.

The good people at 37signals have revamped their popular
project management software Basecamp. Previously
we produced a popular project management article for the
Software Developer's Journal that touches on the old
version of the software. More specifically, it is the cover
article for the Flash & Flex magazine in 2011.

So we have actually touched on some of that information,
but now we will concentrate on an in-depth tutorial of
the new version of Basecamp.

This tutorial is divided into several sections, starting with
the basic Why Basecamp?, followed by a description of
the various features and capabilities of Basecamp. The
third section will cover usage instructions and guidelines,
from identifying project scope to replying to Basecamp
Messages. The final section covers the conclusion.


Why Basecamp?
You may be wondering, why do we use Basecamp versus
another tool?

Well, we actually do use other tools depending on the
client/partner/requirements. There are many great online
tools out there, for example Jira, MS Project, Asana
and RallyDev. Some of these are more feature rich with
true Agile processes while others have a very specific set
of functions.

At ISO the main focus is to produce a high quality product
with the least amount of drama. That may not sound
completely intuitive, but if you think about it, everything is
about making things flow and reducing drama. Controlling
costs is actually a byproduct.

The best designers and developers are sometimes
a pain in the butt (not all, but most). You know what I'm
talking about: acting like they just hit puberty, not making
their deadlines (that they committed to), getting their
feelings hurt easily, whining, crying and all that nonsense.
And they have to be managed without them pooping their
pants and walking out of the job because they aren't doing
what they said or aren't getting their way. My goodness,
it is a pain to manage but absolutely needed.

While generally we "try" to adopt more agile processes,
we are bound by the rapidly changing needs of the business,
which can grow in volume at a rapid pace. Our focus
is directed by numerous initiatives that result in a compound
of projects with a pairing of unique groups. Planning
projects around Agile-style "sprints" (i.e., a guaranteed
amount of time) is not always possible and more
often not probable.

Basecamp is often more suitable for many of our needs
because it is task-oriented and date-driven. Another great
benefit of Basecamp is that it's an entirely online, secure
desktop tool. Basecamp also offers a mobile app. Additional
highlights the program offers:


- Centralizing communication for emails based on the
  project, conversation thread and assigned tasks.

- Uploading and tagging files associated with a particular
  project. Typically, these are items like Word documents,
  spreadsheets, images, PSDs and PDFs.

- Setting up and tracking schedules for development,
  meetings, and handoffs.


The key to success when using Basecamp is for everyone
to actually use it for the tasks at hand. Otherwise,
there will not be a record of any tasks being worked on.
This can easily degenerate into halting progression to
the next step of the project, delays in securing approvals
and handing off to other departments, and failure to
meet deadlines. In short, not properly communicating
within Basecamp and your project tasks can jeopardize
launch dates.

So think of Basecamp as a handy organization tool that
allows your team to be more efficient and enhance
productivity.

On to our review of Basecamp!

The following are the six (6) main sections found under
the Projects Menu in Basecamp:


- Projects
- Calendar
- Everything
- Progress
- Everyone
- Me


When you log in to Basecamp, you are directed to the 
main page, where you are able to see all of the projects 
available. From here you can select the project you want, 
change the view of how you want to see projects, “star” 
projects that pertain to you, and even create new projects 
via a template or from scratch. On this page there is also 
a little search box that allows you to find things quickly. 
[Figure: Basecamp Projects page, with callouts: Search box; Creating a new project; View archived projects; "Star" your projects]


There are a number of projects in the queue at any given
time. To find a particular project, simply scroll up or
down until you find what you need. You'll also have the option
to change the view from "graphical" to "hybrid" to "textual"
by using the icons on the left of the screen (below the New
Project link). If you like to read through the list quickly you
may want to use the "textual" view.

If you want to group the projects which are specifically
assigned to you, simply click on the "star" for those projects
and they will all be moved up together to the top.

Additionally, if you want to look for a project that you know
is finished but can't find the name, click the archived projects
link on the top right to see a listing of those projects.


Individual Project "Project Name"

Each project has a number of components. Clicking on
a project, you will notice menu links/sub sections for Project
Landing Page, Discussions, To-dos, Files, Text Documents
and Events.


Project Landing Page
The title of the project is the link to the project landing
page. These pages are useful for viewing recent activity
on the other subsections. From top to bottom it has the
Latest project updates, Discussions, To-do lists, a visual
of the Files uploaded and newest Text Documents.

All content from these subsections displayed on the
project landing page links directly to those details.

Next, let's take a look at the definition of most of these
titles.

[Figure: Project landing page, with callouts: Latest project updates; Project Menu]


Discussions

Discussions serves as a type of "centralized" email inbox.
Typically Discussions are not directly tied to to-dos.
These are used for emails which may deal with internal
approvals and general notes that may or may not pertain
to current tasks. Each discussion can have its own thread.
For example, "discussions" can be used to post project
notes.


Starting a Discussion:

To start a discussion, log in to your Basecamp project and
click on the post a new message button. There you have
the Subject line and the message area. You can format
with the tools available and, if needed, upload a file.

Make sure you DO NOT email everyone. No one likes
spam. Please only click on the individuals that need to
know. There is more on this and other etiquette items in
the How We Use Basecamp section.

[Figure: New message form, with callout: Check ONLY those team members needed for discussion]

Once they receive a Basecamp message, individuals
can simply email back from their native email client or
click the "view on Basecamp" link within the email to reply.
Viewing from Basecamp will allow the entire conversation
thread to be reviewed. Lastly, you can attach files
as needed in discussions.
To-do lists

To-dos are a vital part of Basecamp. They are what generates
the Calendar, assigns tasks to individuals and denotes
important events. A to-do list is basically an adjustable task
list with due dates.

Within the following image there is an Add a to-do list
button, the title of a current To-do list and individual to-dos/
tasks. And on the right side there are the view options
(show assigned to, show when is due, show completed,
and individual to-do lists).

Basecamp allows for numerous lists. Typically, depending
on the type and size of the project, you may want to
break it up. At this time, however, our projects are fairly
small, so we would prefer a more linear approach. It is
simpler for our current needs.


[Figure: To-do lists page, with callouts: Add new Todo list; View option; Todo list]





The previous image displays individual to-dos that can
have a few pieces of additional information.

Normally a to-do has a description, due date and the person
the task is assigned to. If there are any comments relating
to this to-do task, you will see a note following the to-do
task description.

Once the to-do task is completed, the assigned person
or Project Manager can check it off (with the check button).

In order to view a comment, just click on it. Comments
are very good if the short description does not have
enough detail.

However, for our projects we add some additional info.
In each of our to-do items we have the subject (e.g.
Comps), short description, percentage complete, date or
date range, separate due date and person the task is
assigned to.

In the example below, the original description was reduced
to UX > set 1. In this case, we added comments for
further clarification.


UX > set 1 > (see comments) 7/24 - 8/1 [0%] 1 comment


Selecting a to-do task (that has comments) will display
all the comments in a thread fashion. This is very
similar to how the message conversations are done.
The viewer will also be able to select to whom to email
the message. The purpose is to have the person assigned
to be responsive regarding the progress of their task and
to centralize related conversations. Only conversations
that pertain to this to-do task should be added here.

There is also an option to email people outside of Basecamp
who are not part of the project. However, that is not
recommended for our production flow.

Once individuals receive a message, they can simply
reply via their email client or from Basecamp. It is usually
better to email back via Basecamp if you feel that you
want to read part or the entire thread.


[Figure: Comment thread on the to-do "UX > set 1 > (see comments) 7/24 - 8/1 [0%]", showing the "Discuss this to-do" area and the option to email the comment to people on the project]





Going back to the additional info we added, let’s talk 
about the percentage item (e.g. [30%]). This info can be 
added manually in Basecamp by the person performing 
the task, as well as the project manager. This is done by 
moving your cursor over the to-do task and then selecting 
the “edit” option. 

This allows everyone to quickly see how much of the 
task is considered completed. Formatting it this way also 
has some major advantages. That piece of information, 
along with the due date, is pulled in a visual Gantt chart/ 
timeline called TeamGanit.. 


Gantt Chart 

This is separate online software that is very useful for visual teams. The project manager can invite the same people on the project from Basecamp to TeamGantt.

[Screenshot: a TeamGantt timeline annotated with "To-do tasks", "Percentage of tasks complete", "Start and End dates per task" and "Relationships"]

TeamGantt uses the percentage info provided to show completion of the task. The beginning and end dates in the to-do task description are just a reference so we can visually adjust the timeline. But adding the time range in the textual format makes it easy to read, and that is the important thing.

TeamGantt also has some neat printing features, 
associating tasks with each other and even color cod- 
ing groups of tasks. 

As such, if designing comps is dependent on wireframes, you can link them together visually. In this case, I have made all the comp-related items a fuchsia, or “hot pink”, color. So all the comp-driven tasks are one color, UX-related another color, and so on.

A couple of other neat features allow the Project Managers or individuals with edit permissions to send notes to the tasks from both Basecamp and TeamGantt. It is just a little option that helps get things done quickly.


Calendar 
For the most part the Calendar is pretty self-explanatory. There are some automatic things it provides, as well as features that can be used. Below is a screenshot.

[Screenshot: the Basecamp Calendar, with the "Show and hide individual calendars" list on the left]

To the left of the screenshot, the Calendar shows all the events relating to the projects you are involved with. Be aware that the complete view is on by default, and it may become too much information unless you turn off projects you are not focusing on.

If that is the case, just click the little colored circle with the check mark to turn the visibility of the related tasks on or off in the calendar. What you see in the larger portion of the calendar are all the to-dos posted by due date. A user can also use this to check off work. Besides the normal to-do items, individuals can also add their own entries and associate them with any accessible project. These, however, do not create a to-do item but, rather, only create a calendar event. Our group uses Google Calendar, so we may not use this as often. However, it may be useful to add events if it helps to keep track of events on an individual basis. The following image shows how to create an event. You can add an event by clicking on any of the calendar days. You can add the event's title and additional notes to the desired calendar, and you can even adjust the event to span multiple days if needed and then email your colleagues.


[Screenshot: the "Create new event" dialog, showing the calendar selection, the date (When: August 12, 2014), the multiple-days option and the "Email to" field]


Everything
“Everything” is an easy way to browse all items in their respective groups. This section has Browse every discussion, Review all open to-dos, See every single file, Read all text documents, Show all forwarded emails and See all deleted items.

These are just other ways to find information quickly. 


[Screenshot: the "Everything" page, headed "Here's a collection of everything from all your projects.", with links to the six views listed above]





To provide a quick breakdown: 


• Browse every discussion > Provides a listing of any/all textual updates in the order they were added. You can click to get to that discussion and associated project by selecting it.

• Review all open to-dos > Provides access to all the to-dos (that you have access to) that have not been checked off. Again, you can just link to the exact to-do within the project by clicking on any of the items on the page.

• See every single file > Provides access to all uploaded files for all the projects to which you have access. Useful if you have a lot of projects and you want to have an overview of all uploaded files, etc.

• Read all text documents > Shows all documents based on the last update.

• Show all forwarded emails > For emails that have responses from outside of Basecamp. We probably will not have a need for this.

• See all deleted items > Anything that has been deleted. This is also not used very often.


Progress 

Shows who did what in the order it happened. This comes in very handy when you want to find out about any activity of the last few days. Beyond that it may present too much info. The Progress section also gives a good indication of who is using Basecamp and how.

You can scroll down and review the messages, files and happenings in real time.


Everyone 
This section shows everyone based on the last active indi- 
viduals. Latest active individuals are posted first. 

You can see everyone by clicking the “See all people” 
link on the bottom left of the screen. 

Incidentally, “admins” can add additional people, 
change access permissions and perform other adminis- 
trative functions. 





Me 
The “Me” section can be very helpful to quickly see everything on your plate. It provides access to all the latest activity across all your projects, all your open to-dos, recently completed to-dos and files you have shared.

This should actually be the first place you should go in 
the morning to see if it lines up with what you know needs 
to happen. 




How We Use Basecamp (Usage Guidelines) 

This is so important we made it a major section in the article. Proper etiquette comes into play when we think of how our actions affect the team and timelines. Basecamp is pretty much an open system. We can use it the way we like. We as a group need to form and follow a sort of protocol or “etiquette” which will help everything start making sense and become more of a natural process.

This process should include “when” and “how” we use Basecamp communications, as well as where information should be located. Basecamp is not a perfect tool by far. It is up to everyone to use and tweak it as needed. At the same time, if we do not report to it, then the information will not be available for everyone else. An added advantage of properly and effectively using the system is that it will actually help reduce the need for some of the meetings and allow you to complete your work.

The rules of today may be switched later for something that makes more sense. But for now these are the general usage guidelines.


Identifying Your Tasks 

Tasks can be anything including replying to messages, re- 
viewing documents, identifying dates and, yes, especially 
to-dos. 

One of the things we have to keep in mind is to look out for each other. If you notice that there are tasks missing that will prevent you from doing your work (or dates that do not seem appropriate) then please let everyone else know. It probably has to be addressed.

So, where do we start? 


• First go to the “Me” menu link. There you can see what tasks are assigned to you.

This does not give you a clear priority but it does show you all the things you are associated with.

If you know there are tasks or projects that you have to work on and they are not there, find out why. If it is not on Basecamp then others may not know it exists. Basecamp should be used as transparently as possible so others can quickly see how the project is going without the need for much interaction.

Basecamp is designed to show you and others where you are in the process of your projects.

• Secondly (and this is optional): the START POINT project is a good place to go to, as there is a to-do list called Priorities. There you can find your name and make notes on your goals for the day in order of importance. Creating this priority list helps you focus on the items needed. And we all know the focus can change at any moment. So feel free to update that to-do item with any updates.

• Once you are focused for the day, it is best to dive into the individual project you are working on. Based on the priority list you have created, go to the project you have to work on.


Identifying project scope and important files and links 
Even after you have reviewed the project and your to- 
do’s, do not overlook the possibility that there are times 
when there may be context missing on the project or you 
may need access to some particular bit of additional infor- 
mation. This could be a reference info, a “what the heck is 
this project about,” a list of who is on it, or information on 
how to get access to the needed file(s). 

It may just be that you need more details on the actual 
to-do/task... 


Formatting explanation of the to-dos schedule 

To make the to-dos a little more precise and at the same 
time keep the amount of content readable for the to-dos, 
we have implemented a subject formatting technique to 
assist in this matter. 

As we mentioned before, the to-dos are tasks that can 
be also arranged as a schedule (view section 1.3 for gen- 
eral details on to-do’s). This subsection, however, is really 
designed to break down why we format it the way we do. 

Please note that not all to-do items may be formatted this 
way. However, if you have a series of tasks that form a sched- 
ule, then it is best to use these practices. To simplify the dif- 
ferent styles let’s call these series of tasks (to-do schedules) 
and non-series of tasks (one-offs or similar tasks). 

To illustrate the point the images that follow are 2 differ- 
ent views of the same series of tasks. The first image is 
what you see from Basecamp, while the second is a more 
visual timeline generated in TeamGantt. 


Series of tasks: 


Basecamp view. Most projects that require a series of 
tasks are broken up in usable chunks. They tend to in- 
clude most of the larger events, but often meetings 
spring up for additional reviews or issues that are not re- 
lated to the project. 

You can see this project is a little more complicated than most, but the basic structure is pretty standard. Typically, most projects have:

• BO (Business Owner) ZIP and CB (Creative Brief). In the example below it was already completed and checked off.
• Internal kick-off. Again, this already happened and has been checked off.
• UX development
• Content support
• Comps
• Internal reviews (sometimes these are not listed as the dates shift too often)
• Legal reviews
• IT Release
• UAT prep
• IT Dev
• UAT internal testing
• Launch


As you will notice, the following image has multiple re- 
leases. Sometimes this is needed if you are dividing de- 
sign and development/IT groups. Dev/IT may have to get 
started on a project overlapping the design schedule in 
order to make launch dates. 


[Screenshot: the project's "Scheduled Tasks" to-do list in Basecamp. Entries include "UX > set 1 > (see comments) 7/24 - 8/1 [95%]", "Comps > set 1 > see comments 7/30 - 8/11 [0%]", "UX > Updates 8/20 [0%]", "Content > Updates 8/20 [0%]", "++ Legal and BO review ++ 8/22 [0%]" and "IT Dev [0%] 8/4 - 10/17", along with several "++ Release ... to IT" items]


Now that we have an idea of the different groupings, let’s consider formatting. If you take another look at the series of tasks shown above, you will notice that some have “++” in front of them and others do not.

• The “++” prefix generally represents a release or major meeting. These are what we call non-tasks or things that do not require the online group to develop. Items without the “++” prefix generally represent design of UX, content creation or comp designing.

• You will also notice that we use the overarching subject first. So you may read things like UX, Content or Comps. Then you will notice a little arrow like this “>”. After that comes a small amount of detail (just enough to understand what is being worked on).

• After the detail you will often see a date or date range. For events that take one day, a simple date is needed, while for events spanning a period of time it is good to just put the date in the description. This is important because Basecamp only tracks end dates. We want to show the start and end dates.

• After the date or date range you may see a percentage in brackets like this: [50%]. This is manually filled out so we get an idea of where this task is in the process. It is also auto-translated visually in the Gantt chart in TeamGantt. And if the description is a bit vague, that is why you add a comment to it. That way anyone looking at this particular to-do can see that there is a comment which can be clicked on to drill down and see additional details.

• Then the task is assigned to someone and given a due date. You may be curious why there is a date range and a due date. For starters, while due dates are tracked in the system, we format these dates visually to make it easier to read and identify start dates.


Also TeamGantt has start dates as well as end dates. 
It is easier to adjust the start in TeamGantt once you can 
actually read the date ranges in the description. 
So let’s use this example and break it down. 
Comps > set 1 > see comments > 8/12 - 8/15 [0%] 1 comment

Person Name Mon Aug 11


• Comps = Overall subject.

• set 1 = Short detail.

• see comments = A note signifying that more details on the task are to be found in the comments.

• 8/12 - 8/15 = Start and end date (note we will probably have several internal approval meetings in between these dates that may or may not be notated on the schedule).

• [0%] = The estimated percentage of the task completion.

• 1 comment = Shows how many comments are associated with this task.

• Person Name Mon Aug 11 = Who is assigned (and defaults emails to), and when that task is due.

[Screenshot: the same series of tasks in TeamGantt, listed under "Scheduled Tasks" next to the Gantt timeline]





The TeamGantt project is just pulling the Basecamp information, providing a visual reference of the time it takes to complete a task (start and end date), a visual percentage of completion, and some of the same tools that Basecamp has.

To simplify, the Project Managers generally set up the permissions for TeamGantt to be “view only.” This is so individuals do not have to try to adjust things from there. But the Project Managers do have the ability to create messages and tasks from there if they choose (or need) to.

The Project Managers also try to color-code 4 different types of tasks:

• Non-tasks (the ones with the “++” prefix): a default powder blue
• UX: light orange
• Content: orange-red
• Comps: a hot pink/fuchsia color

In the previous graphic you will notice that a few UX tasks are 95% done. The timeline item for each of those tasks is actually 95% full. This is a visual indicator of where the task is.


Non series set of tasks: 
The following image is an example of a non-series set of tasks. These are things like one-offs or recurring tasks.


[Screenshot: an "Ongoing" project whose to-do lists hold one-off items such as "Plan draft for share point (in MS Project format)", "August report" and "Update weekly status"]

The non-series tasks are usually simple, yet where possible they still explain things using the subject-first type of formatting.


When to use regular email vs. Basecamp messages/ 
to-dos 
There are lots of messages that do not have to be tracked 
or which don't specifically pertain to a task. If this is the 
case, you don't have to use Basecamp. You will have to 
decide if you want the message to be seen by others or not. 

We try to streamline whenever possible but also commu- 
nicate enough to complete the tasks and “asks” at hand. 

These are some examples of what not to post on Basecamp: “Hi John, how was your weekend?”, “I did not like the meeting and thought it was a bad idea” or “I am concerned I committed to a deadline I cannot reach.” These are examples of messages or personal conversations that should be handled outside of Basecamp.

Also, if we are emailing other people outside of Basecamp, we should just use an email. They will not know what the email is if it is coming from the Basecamp system.


Replying to Basecamp messages/to-dos 

One obstacle we tend to run across is that we do not always understand that a Basecamp-generated email is an email that requests a reply. If emails are not acknowledged then it can have an adverse effect when trying to finish projects in a timely manner. As such:

• Always direct the email to the main person when applicable. For example: if you are sending out a message and have selected several individuals to receive it, please direct the message to the individuals by adding the @ symbol followed by the persons’ names. It will end up looking something like this: @Jon. That way, once they receive the email, the first thing they will see is who the email is focused on.

• Please reply to Basecamp emails.

• Please start conversations on to-dos and messages on Basecamp (when appropriate).


For more information about general usage of Basecamp messages and to-dos, please view sections 2.2 and 2.3.


Conclusion 

Basecamp is a tool that allows us to centralize conversations and to build and maintain task-driven timelines. It can also be integrated with a number of other tools like TeamGantt, which lets us visually see the timelines (beginning to end) and the percentage of items completed, offers certain print features, and just allows the online group to quickly stay on track.

Although Basecamp is a great tool to have, it only works well when people are consciously using it in a productive manner. This is a flexible system that requires a little manual work to keep things running smoothly. Just remember, you can also take a peek at the online help section where there are guides, videos and cheat sheets at: https://basecamp.com/help.

I hope this article gives you the basics to help get projects done a little more efficiently and with more peace of mind. Having a sense of control and being able to confidently get things done and report positively to the client definitely makes your life easier. I like easy (Freudian slip).

There are of course more advanced tools but we have 
chosen Basecamp and related online applications be- 
cause they are flexible enough for the projects we are 
working with, while easy enough for clients to respond to. 
All things are centralized and documented automatically 
in one place. And if the client responds, then you have 
a direction you can move towards to make it closer to fin- 
ishing the goals of the job. 

If anyone is interested in the work we have done, please take a gander at our site http://www.isointeractive.com as we have at least some of our public projects posted there. Mostly we deal with helping clients and partners fix or develop mobile apps, websites, software reviews/audits, games, 3D simulations, lots of specialty projects and good old web development. Typically they range from 10k to under a million USD.

A few links of interest: 


• ISO White Paper: www.isointeractive.com/padf
• ISO Video: www.isointeractive.com/#showreel
• ISO Website: www.isointeractive.com


Thank you and we look forward to continue contributing 
to the interactive community. 

If you have any needs or even just want to brainstorm, please feel free to connect.


• email: troy@isointeractive.com
• skype: troyhipolito
• web: isointeractive.com
• facebook: facebook.com/ISOinteractive
• twitter: @isointeractive
• instagram: iso_interactive





Troy Hipolito is the Senior Consultant at ISO Interactive (a consulting social and mobile game company that supports agencies for campaigns, Facebook games, iPhone Apps and that sort of thing).


Guide to FreeNAS Hardware Design, Part III: Pools, Performance, and Cache





ZFS Pool Configuration 
ZFS storage pools are comprised of vdevs which are striped together. vdevs can be single disks, N-way mirrors, RAIDZ (similar to RAID5), RAIDZ2 (similar to RAID6), or RAIDZ3 (there is no hardware RAID analog to this, but it's essentially a triple parity stripe). A key thing to know here is that a ZFS vdev gives the IOPs performance of one device in the vdev. That means that if you create a RAIDZ2 of ten drives, it will have the capacity of 8 drives but it will have the IOPs performance of a single drive. The need for IOPs becomes important when providing storage to things like database servers or virtualization platforms. These use cases rarely utilize sequential transfers. In these scenarios, you'll find larger numbers of mirrors or very small RAIDZ groups are appropriate choices. At the other end of the scale, a single user trying to do a sequential read or write will benefit from a larger RAIDZ[1|2|3] vdev. Many home media server applications do quite well with a pool comprising a single 3-8 drive RAIDZ[1|2|3] vdev.

RAIDZ1 gets a special note here. When a RAIDZ1 loses a drive, all the other drives in the vdev become single points of failure. A ZFS storage pool will not operate if a vdev fails. This means if you have a pool made up of a single 10 drive RAIDZ vdev and one drive fails, pool operation depends on none of the remaining 9 drives failing. In addition, with modern drives being as large as they are, rebuild times are not trivial. During the rebuild period, all of the drives are doing increased I/O as the array rebuilds. This additional stress can cause additional drives in the array to fail. Since a degraded RAIDZ1 can withstand no additional failures, you are very close to “game over” there.

[Screenshot: the FreeNAS Volume Manager, showing a volume layout of four disks with an estimated capacity of 4.00 TiB]

Powers of 2 pool configuration: there is much wisdom out there on the internet about the value of configuring ZFS vdevs in a power of two. This made some sense when building ZFS pools that did not utilize compression. Since FreeNAS utilizes compression by default (and there are 0 cases where it makes sense to change the default!), any attempts to optimize ZFS with the vdev configuration are foiled by the compressor. Pick your vdev configuration based on the IOPs needed, space required, and desired resilience. In most cases, your performance will be limited by your networking anyway.
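To weigh IOPs, space and resilience side by side, the sketch below applies the rules of thumb from this section to several ways of arranging ten disks. It is an added example, not FreeNAS code: the `Vdev` class, `summarize` function, the 4 TB / 100 IOPs disk figures and the layouts are constructed for illustration, and summing one disk's IOPs per striped vdev is an assumption extrapolated from the one-device-per-vdev rule.

```python
from dataclasses import dataclass

PARITY = {"raidz1": 1, "raidz2": 2, "raidz3": 3}  # parity disks per RAIDZ level


@dataclass(frozen=True)
class Vdev:
    kind: str   # "disk", "mirror", "raidz1", "raidz2" or "raidz3"
    disks: int  # number of member disks

    def __post_init__(self):
        if self.kind == "disk":
            valid = self.disks == 1
        elif self.kind == "mirror":
            valid = self.disks >= 2
        elif self.kind in PARITY:
            valid = self.disks > PARITY[self.kind]
        else:
            raise ValueError(f"unknown vdev type: {self.kind!r}")
        if not valid:
            raise ValueError(f"{self.kind} cannot be built from {self.disks} disk(s)")

    @property
    def data_disks(self):
        """Disks' worth of space, before ZFS metadata and compression."""
        if self.kind in ("disk", "mirror"):
            return 1
        return self.disks - PARITY[self.kind]

    @property
    def tolerated_failures(self):
        """Member disks this vdev can lose and still serve data."""
        if self.kind == "disk":
            return 0
        if self.kind == "mirror":
            return self.disks - 1
        return PARITY[self.kind]


def summarize(vdevs, disk_tb, disk_iops):
    """Apply the section's rules of thumb to one pool layout."""
    if not vdevs:
        raise ValueError("a pool needs at least one vdev")
    # The pool stops when any single vdev fails, so the weakest vdev decides.
    tolerance = min(v.tolerated_failures for v in vdevs)
    if tolerance == 0:
        exposed = None  # the pool does not survive a worst-placed first loss
    else:
        # A vdev that tolerates exactly one loss leaves every surviving
        # member as a single point of failure once that loss happens.
        exposed = max(
            (v.disks - 1 for v in vdevs if v.tolerated_failures == 1),
            default=0,
        )
    return {
        "capacity_tb": sum(v.data_disks for v in vdevs) * disk_tb,
        "random_iops": len(vdevs) * disk_iops,  # one device's IOPs per vdev
        "guaranteed_failures": tolerance,
        "spof_after_one_loss": exposed,
    }


# Constructed layouts: four ways to arrange ten disks.
LAYOUTS = {
    "1 x 10-disk RAIDZ2": [Vdev("raidz2", 10)],
    "1 x 10-disk RAIDZ1": [Vdev("raidz1", 10)],
    "2 x 5-disk RAIDZ1": [Vdev("raidz1", 5)] * 2,
    "5 x 2-way mirror": [Vdev("mirror", 2)] * 5,
}

if __name__ == "__main__":
    for name, vdevs in LAYOUTS.items():
        print(f"{name:20s} {summarize(vdevs, disk_tb=4, disk_iops=100)}")
```

The `spof_after_one_loss` column is the RAIDZ1 warning above in numbers: the single 10-disk RAIDZ1 leaves nine disks that must all survive the rebuild, while the RAIDZ2 layout leaves none.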


ZIL Devices 

ZFS can use dedicated devices for its ZIL (ZFS intent log). This is essentially the write cache for synchronous writes. Some workflows generate very little traffic that would benefit from a dedicated ZIL, others use synchronous writes exclusively and, for all practical purposes, require a dedicated ZIL device. The key thing to remember here is the ZIL always exists in memory. If you have a dedicated device, the memory ZIL is mirrored to the dedicated device, otherwise it is mirrored to your pool. By using an SSD, you reduce latency and contention by not utilizing your data pool (which is presumably comprised of spinning disks) for mirroring the in-memory ZIL.

There’s a lot of confusion surrounding ZFS and ZIL device failure. When ZFS was first released, dedicated ZIL devices were essential to data pool integrity. A missing ZIL vdev would render the entire pool unusable. With these older versions of ZFS, mirroring the ZIL devices was essential to prevent a failed ZIL device from destroying the entire pool. This is no longer the case with ZFS. Missing ZIL vdevs will impact performance but will not cause the entire pool to become unavailable. However, the conventional wisdom that the ZIL must be mirrored to prevent data loss in the case of ZIL failure lives on. Keep in mind that the dedicated ZIL device is merely mirroring the real in-memory ZIL. Data loss can only occur if your dedicated ZIL device fails and the system crashes with writes in transit in the unmirrored memory ZIL. As soon as the dedicated ZIL device fails, the mirror of the in-memory ZIL moves to the pool (in practice, this means you have a window of a few seconds where a system is vulnerable to data loss following a ZIL device failure).

After a crash, ZFS will attempt to replay the ZIL contents. SSDs themselves have a volatile write cache, so they may lose data during a bad shutdown. To ensure the ZFS write cache replay has all of your inflight writes, the SSD devices used for dedicated ZIL devices should have power protection. HGST makes a number of devices that are specifically targeted as dedicated ZFS ZIL devices. Other manufacturers such as Intel offer appropriate devices as well. In practice, only the designer of the system can determine if the use case warrants a professional enterprise grade SSD with power protection or if a consumer-level device will suffice. The primary characteristics here are low latency, high random write performance, high write endurance, and, depending on the situation, power protection.


L2ARC Devices 
ZFS allows you to equip your system with dedicated read cache devices. Typically, you'll want these devices to be lower latency than your main storage pool. Remember that the primary read cache used by the system is system RAM, which is orders of magnitude faster than any SSD. If you can satisfy your read cache requirements with RAM, you'll enjoy better performance than if you use SSD read cache.

In addition, there is a scenario where an L2ARC read cache can actually drop performance. Consider a system with 6 GB of memory cache (ARC) and a working set that is 5.9 GB. This system might enjoy a read cache hit ratio of nearly 100%. If SSD L2ARC is added to the system, the L2ARC requires space in RAM to map its address space. This space will come at the cost of evicting data from memory and placing it in the L2ARC. The ARC hit rate will drop, and misses will be satisfied from the (far slower) SSD L2ARC. In short, not every system can benefit from an L2ARC.

FreeNAS includes tools in the GUI and at the command line that can determine ARC sizing and hit rates. If the ARC size is hitting the maximum allowed by RAM, and if the hit rate is below 90%, the system can benefit from L2ARC. If the ARC is smaller than RAM or if the hit rate is 99.X%, adding L2ARC to the system will not improve performance.

As far as selecting appropriate devices for L2ARC, they should be biased towards random read performance. The data on them is not persistent, and ZFS behaves quite well when faced with L2ARC device failure. There is no need or provision to mirror or otherwise make L2ARC devices redundant, nor is there a need for power protection on these devices.
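The ARC sizing rule above can be checked against the counters FreeBSD exposes through `sysctl kstat.zfs.misc.arcstats`. The following is an added example, not a FreeNAS tool: the function names and the sample output are constructed, and treating "hitting the maximum" as an ARC size within 95% of `c_max` is an assumption. Hit rates between 90% and 99% on a full ARC are reported as inconclusive because the text gives no rule for them.

```python
ARCSTATS_PREFIX = "kstat.zfs.misc.arcstats."
REQUIRED = ("hits", "misses", "size", "c_max")

# Constructed sample in the "name: value" form that sysctl prints.
SAMPLE_BUSY = """\
kstat.zfs.misc.arcstats.hits: 800000
kstat.zfs.misc.arcstats.misses: 200000
kstat.zfs.misc.arcstats.size: 12884901888
kstat.zfs.misc.arcstats.c_max: 12884901888
kstat.zfs.misc.arcstats.c_min: 1610612736
"""


def parse_arcstats(text):
    """Return the integer arcstats counters found in sysctl output."""
    stats = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        name = name.strip()
        if not sep or not name.startswith(ARCSTATS_PREFIX):
            continue  # unrelated sysctl or malformed line
        try:
            stats[name[len(ARCSTATS_PREFIX):]] = int(value.strip())
        except ValueError:
            continue  # non-numeric value, not a counter we need
    missing = [key for key in REQUIRED if key not in stats]
    if missing:
        raise ValueError("missing arcstats counters: " + ", ".join(missing))
    return stats


def l2arc_verdict(stats, full_pct=95):
    """Apply the section's rule; returns (verdict, hit_rate).

    hits and misses are cumulative since boot, so sample a system that
    has been serving its normal workload for a while.
    """
    lookups = stats["hits"] + stats["misses"]
    if lookups == 0:
        return "inconclusive", None
    hit_rate = stats["hits"] / lookups
    # Assumption: "hitting the maximum" means size >= full_pct % of c_max.
    arc_full = stats["size"] * 100 >= stats["c_max"] * full_pct
    if not arc_full or hit_rate >= 0.99:
        return "no-benefit", hit_rate   # RAM is not the bottleneck
    if hit_rate < 0.90:
        return "may-benefit", hit_rate  # ARC is full and still missing often
    return "inconclusive", hit_rate     # 90-99% on a full ARC: no stated rule


if __name__ == "__main__":
    verdict, rate = l2arc_verdict(parse_arcstats(SAMPLE_BUSY))
    print(f"ARC hit rate {rate:.1%}: {verdict}")
```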
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Does your Information 
Belong to the CIA Triad? 


Confidentiality, Integrity and Availability are the three pillars 
of Information Security. In this article, we pose a number of 
scenarios to you, the IT professional, and ask “What would 
you do”? Every environment is different, so we will not 
provide any answers. Rather, we want to stimulate thought 
and debate around the ethics that Donn Parker says are 
missing from the computer center. 









Question 3. 

You politely point this out to the man- 
ager verbally but are reprimanded 
and told to mind your own business. 
What now? 


Question 1. 

The IT help-desk is understaffed, 
and you are the only member of IT 
available. Anew member of staff re- 
quests a password change, but this 
is a help-desk call and they are hot- 
desking. Do you change it anyway 
or how do you proceed? 





Question 4. 

What steps do you take when dis- 
posing of large quantities of end of 
life hardware and consumables? 
Securely wiping each device takes 


Question 2. 

You are the web-master of a large 
corporate site, and the senior man- 
ager responsible for adding con- too much time, and there is no bud- 
tent for his department is on leave. get for a third party to provide this 
A major crisis has developed around service. How do you handle difficult 
a particular issue and a senior man- _ items like cartridge ribbons that retain an imprint of print- 
ager asks you to publish a revised Word document con- outs and photocopiers that have data stored in internal 
cerning the matter. You discover this document still has all hard drives? 

the modifications and revisions highlighted and available, 

and looks very unprofessional. Also, you suspect that any- 

one reading the document will glean information that is 

not desired. Do you mention this to the manager? 
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Question 5. 

When designing a database appli- 
cation, what criteria do you use as 
to when data is encrypted? Should 
this be performed at the application 
or database layer and what implica- 
tions does this have for disaster re- 
covery? When is database encryp- 
tion useless? 


Question 6. 

When designing and commission- 
ing a project, when is it best practice 
to place the software in escrow? If
a vendor refuses to permit this, yet 
you are under pressure from man- 
agement to commit, what action can 
you take? 


Question 7. 








How often do you test your backups? 
Do you just sample the data or do you 
perform “Restore from bare metal”
tests? If your organisation was to suf- 
fer fire, flood or earthquake, are there 
up to date copies off-site? 







Question 8. 

A critical project requires multiple 
leased lines for redundancy. Do you 
use the same vendor for both? Do 
you need to ensure you have re- 
placement pre-configured “Like for 
Like” routers etc. available? 


Question 9. 

An open Wi-Fi hotspot with a strong 
signal is close to your premises. 
Connection to this node is not pass- 
word protected. What risk, if any, 
does this pose to your Internet con- 
nected LAN if staff members with 
laptops connect to your LAN via ca- 
ble and the Internet via external Wi- 
Fi? What steps can you take to miti- 
gate any risk? 


formation belong to the CIA triad? 
Image courtesy of John M. Kennedy T.

Question 10.

A laptop with encrypted data is in- 
fected with a virus in the form of 
a root-kit. You do not have access 
to the keys to mount the drive from 
a separate boot disk but you do 
have the administrator password for 
the machine. How do you gain ac- 
cess to the hard disk to disable the 
malware from loading as it loads pri- 
or to the O/S fully loading? 


Question 11. 

Does your organisation have a so- 
cial media policy about the use of 
Facebook and Twitter etc. during 
working hours? Outside business 
hours? Does this include person- 
al devices? If so does it cover both 
personal and postings in an official 
capacity? 


Question 12. 

What steps does your organisa- 
tion take to prevent misrouted email 
data loss e.g. by picking the wrong 
“Smith” from a distribution list? Are 
documents pro-actively marked 
(e.g. confidential, for general re- 
lease etc.)? How easy is it to spoof 
a user in your organisation if you tel- 
net to port 25 of your email server? 


Question 13. 

What is the minimum level of pass- 
word complexity demanded in your 
organisation? Do you use single 
sign-on? If the password levels are 
complex, do staff write the pass- 
words on Post-It notes and place 
them on their monitor etc? How 
often are password changes en- 
forced? What is the major downside 
of single sign-on systems? 








Question 14. 

Do you have access via a separate 
route to the Internet that is not fire- 
walled or connected to your corpo- 
rate LAN? What could this be used 
for in diagnosing a major systems 
outage e.g. email or web-server? 
Do you use this for accurate pene- 
tration testing? 


Question 15. 

The plastic soft-touch keypad on the 
door-lock of the Data-centre has 4 
discoloured digits due to heavy use 
over the years. Assuming no num- 
bers are repeated in the entry code, 
how many permutations would it 
take to brute-force the combination? 
Does this warrant replacing the key- 
pad? Will the lock fail if the combina- 
tion is entered incorrectly too many 
times? How often is the password 
changed? 





Rob Somerville has been passionate about technology since his ear- 
ly teens. A keen advocate of open systems since the mid-eighties, he 
has worked in many corporate sectors including finance, automo- 
tive, airlines, government and media in a variety of roles from tech- 
nical support, system administrator, developer, systems integrator 
and IT manager. He has moved on from CP/M and nixie tubes but 
keeps a soldering iron handy just in case.


Google Earth Forensics

Using Google Earth Geo-Location in Digital Forensic Investigations


Digital Forensics 101 


Digital Forensics is a branch of forensic science that 
focuses on the recovery, examination, and investigation of 
evidence stored on computers and other digital devices, 
as well as various media that may have been used to store 
data. Although it is commonly associated with criminal 
investigations, digital forensics has been used in civil cases, 
internal investigations, tribunals, and other inquiries or 
forums that require an exploration of data. 


The process of performing a digital forensic investigation
can be broken down into four stages:


• Seizure, in which computers, mobile devices and other
devices and/or media are obtained and preserved.

• Acquisition, in which the data is retrieved from a device.

• Analysis, in which an image or copy of the data acquired
in the previous step is examined.

• Reporting, in which the procedures and processes that
were followed in the previous steps are documented,
along with the evidentiary findings.


Seizure 

When a computer or other device is seized, it is taken into
custody and secured with the goal of preserving any potential
evidence. As with every stage of a digital forensic
investigation, you will document the scene, actions that were
taken, and procedures that were followed. It is also important
at this stage to establish a chain of custody that will
carry on through all the other stages, documenting who
had possession of the evidence and when.

In addition to photographing the scene where the com- 
puter or device was seized, photograph the computer or 
mobile device and what is displayed on the screen. Photographing
the screen will preserve a record of which applications were
open and any information that was displayed, and will show what
the user was last doing on the computer or device. Under
no circumstances should you use the computer/device, 
search for evidence, or alter its running condition. A rule 
of thumb is that if it is turned off, leave it off; if it is turned 
on, leave it on. 

During the seizure, some steps may be taken to acquire 
digital evidence. If a computer is turned on, you would 
start by collecting any live data, including taking an image
of the physical memory. A utility that can be used to
image the RAM is F-Response (www.f-response.com). 
This tool could also be used to collect a logical image of 
the disk if you discovered the hard disk was encrypted.

Copyright © 2015 Elsevier Inc. All rights reserved. 


You would also gather any other data that is required for 
the investigation about the computer's live state, such as 
logged on users, its network connection state, running 
processes, and so on. 

You should also take effort in documenting how the com- 
puter or device was found. Photographs and diagrams 
should be made of how it was set up when found, including
any cords plugged into the machine. You should also
label all of the cords, and document the model numbers 
and serial numbers of the computer/device and any other 
devices attached to it. Nothing should be disconnected 
from a computer or device until the previous steps have 
been completed. 

When you are ready to transport the computer/device, 
you should package all of the components in anti-static 
bags, and seize any other storage media. This would in- 
clude external hard disks, USB sticks, as well as CDs and 
DVDs that may contain data. To keep the media safe, you 
should avoid putting it near anything that may damage 
the data, such as magnets, radio transmitters, and so on. 
In gathering these additional items, you should also col- 
lect any manuals or documentation that may be related 
to the device. You never know if these will be helpful later 
in your investigation, or if they contain useful information 
(such as passwords, etc.). 

There are additional considerations when a mobile de- 
vice is seized. When a mobile device is connected to 
a cellular network, it may access new data that will over- 
write evidence. Similarly, a mobile GPS unit that is turned 
on may continue to record track points (i.e., locations that
the GPS has been) as it is being transported. Because
a mobile phone or tablet can be sent a command to wipe 
the device, you also run the risk of everything on it be- 
ing erased. To preserve potential evidence on a mobile 
phone, GPS or other device, it is important they are stored 
in a Faraday bag or cage. A Faraday cage is an area pro- 
tected by material that blocks signals, essentially creating 
the same conditions of being in a “dead zone” where you 
cannot get a cell phone signal from your carrier. A Faraday 
bag is used to store mobile devices for transport, preserv- 
ing any evidence stored on them. 


Acquisition 

The acquisition stage is where data is retrieved from a
device or media, and generally occurs after the evidence
has been collected, safeguarded and transported. In
acquiring evidence from a device, a decision is made whether
you need to perform a live or dead analysis. A live analysis
is performed when a computer or device is powered
on, and cannot be powered off until this information is
collected. A dead analysis occurs when the machine is powered
off, and transported to a lab where data can be retrieved
in a controlled environment.

Acquiring data from a computer, device, or various me- 
dia that may be used to store potential evidence gener- 
ally requires specialized tools. This is not to say there are 
not times when a mobile device may require the manual 
acquisition of data, whereby an investigator uses the us- 
er interface of a phone or other device to view and pho- 
tograph information displayed on the screen. However, 
in doing so, the only data that will be displayed is that 
which is accessible to the device’s operating system and/ 
or apps. In addition, using the interface may result in data
being written to the device. To safely acquire all of the
data, including that which may have been deleted, software
and hardware tools are commonly used to create
a bit-for-bit copy of what is stored on the device. Once 
a copy of the data is acquired, the investigator can then 
examine the copy of the data so that the original remains 
untouched during analysis. 

There are several ways in which you may acquire a co- 
py of what is stored on a file system, but not all of them will 
provide the same results. These methods include: 


• Copying files, which will only copy the files that are
on the system and not ones that may have been deleted.
Also, metadata related to file ownership, times
a file was accessed, permissions and other data may
be lost in copying the file.

• Backups, which will restore a copy of the files. Depending
on the backup software used, not all of the
metadata related to files will be included with the
backup, and it will not capture information about deleted
files.

• Copying disk partitions, which will create a bit-for-bit copy
of the file system including metadata related to the
files and information residing in unallocated space.

• Copying the entire disk, which creates a bit-for-bit copy
of the file system, including storage space before
and after disk partitions.


In looking at these methods, you can see that a bit- 
by-bit copy of the data will yield the most possible re- 
sults. While you might think this would only apply 
to the hard disk of a computer, many mobile devic- 
es use file systems and may be used as storage de- 
vices. In addition, devices that use SD cards can 
have the card removed and processed like other re- 
movable media. By using various tools discussed later 
in this chapter, you will be able to collect the data on 
these devices, making a copy that you can then analyze
to identify evidence related to your case.

Analysis

The analysis stage generally occurs after evidence has been 
collected. If live data is not being examined, then an inves- 
tigation is conducted against static data that has been cop- 
ied from a system. Once an image of data on the computer, 
device, or other media has been made, an examination of 
the data takes place. This may involve performing keyword 
searches relating to a crime, running scripts to identify cer- 
tain types of data, manually reviewing information and con- 
tent of files, and various other techniques. 

By analyzing various types of data found on a machine, 
investigators will search for evidence that implicates or 
exonerates a suspect. The evidence may include digital 
photographs or downloaded images (as in the case of 
child pornography cases), electronic spreadsheets (in the 
case of financial crimes), email and other types of data. 
Using the content, metadata, or other information discov- 
ered, the investigator may reconstruct a series of events 
related to the case. 


Reporting 

Documentation is crucial to any digital forensics case. 
It is important to make a record of any actions taken, 
devices or media examined, procedures that were 
followed, and other details relating to the evidence. 
Remember that, especially after a case goes to court, 
there is the possibility that anything related to the case 
may be questioned, and your documentation may be 
used to provide answers. 

Throughout the process of conducting an investiga- 
tion, it is vital that the integrity of the data and the de- 
vice storing it is preserved, and part of this involves 
a documented chain of custody. Once a computer, 
device or media is seized, it should start the chain of 
custody, showing who initially took possession and who 
had custody of it after that point. It is also important 
to remember that the original devices, storage media, 
or other items that evidence was collected from may be 
requested by defense counsel or other parties involved
in the case. In some cases, evidence files or images 
taken of a system may be requested. By preserving 
these items and ensuring there is a record of who had 
access to them, you can help to ensure the evidence 
has not been corrupted or tampered with in any way.

It should also come as no surprise that you will need to
create a report about what was found during the course 
of your investigation, and how it applies to the case. This 
could include listings and details about any files found 
on storage mediums (e.g., hard disks, tape, USB devices, 
etc.), information recovered from emails or other sources, 
and any other data that is being used as evidence. As we
will discuss later in this chapter, many commercial tools
provide features that will automatically generate reports 
about the files that were found. You would also write a re- 
port yourself that outlined the steps taken to acquire and 
analyze the data, and how the files or information found 
apply to the case. The reports themselves may then be 
submitted as evidence of an accused person’s guilt or
innocence.


Where Google Earth Fits In 

Google Earth (GE) can be used in multiple stages 
of the digital forensic process. Most often, you will find 
that it is used in the later parts of a case, when you 
need to analyze coordinates from various sources, 
or as a reporting tool to create presentations relating 
to geographic locations. In some cases, it may also be 
used to acquire GPS data from a device, although oth- 
er tools may be more suited to collecting such data for 
a forensic investigation. 


GPS Forensics 

When a person uses a GPS device, he or she will en- 
ter in locations called waypoints that are stored in the 
GPS. The waypoint may be a person’s current loca- 
tion, or a location that he or she wants to navigate to. 
The GPS device will use a series of waypoints to create 
a route, showing the person how to navigate from one 
location to others in a specific order. Because this infor- 
mation can be stored on the device, it can also be re- 
trieved and examined during an investigation. 

GPS devices will also store tracks, which are geograph- 
ic points that the unit has been. When you turn on the 
GPS unit, it will connect to satellites and determine its 
current location. As you travel, additional track points 
will be stored as a record of where the GPS unit has 
been, and stored in a track log. By looking at the track 
log, you are able to view a listing of coordinates that 
the portable GPS has visited and, by extension, where 
its owner has been. 

As we saw in Chapter 3, and revisit in the next chapter, 
Google Earth can be used to acquire data from a Garmin 
or Magellan GPS unit. In performing the import, you will 
see the number of waypoints, tracks and routes that are 
imported from a GPS device, which can then be reviewed 
in the 3D viewer. 

However, importing GPS data in this way copies the 
data directly off of the device into Google Earth. It does 
not retrieve any data that may have been deleted, or is 
hidden on the device. 

This can be a major issue if a particular location of interest
that a suspect visited existed in the deleted data,
and no longer appeared in the tracks you copied using
Google Earth’s import feature. For this reason, it is often
best to use forensic tools to collect all of the data, not just
what is visible to the device’s interface, including any
deleted or hidden data that may reside on the device.

Also, in acquiring the data from a GPS device for use 
with Google Earth, you want to ensure nothing is writ- 
ten to the GPS device. As the device will store files, 
your operating system or applications might write data 
without your knowledge or intention. If data from the 
original source of evidence has been modified, it could
be challenged in court, and become inadmissible as 
evidence. To prevent this from happening, you should 
ensure that your forensic machine uses write protec- 
tion and/or uses tools that are designed to gather evi- 
dence in a forensically sound manner, as we discuss 
in the next section. 


TOOLS FOR RECOVERING EVIDENCE 

As we have mentioned, it is important to recognize that 
GE is not a tool designed for digital forensic data collection. 
It will do a logical download of geolocation data, so anything
that has been deleted from the device (i.e., waypoints,
coordinates, etc.) will not be included when you use GE 
to import data from the device. To acquire data in a foren- 
sically sound manner, and get all the evidence that is 
available (regardless of whether it is deleted or hidden), 
more advanced tools should be considered. 

In this section, we will discuss various tools that can 
be used to collect data from devices. There are soft- 
ware and hardware solutions that prevent your operat- 
ing system or software like Google Earth from writing 
to the device or storage media, and ones that will create 
an exact duplicate so that you can work from an im- 
age of the data. 


Working with Images and Other Copies of Data

By creating an image of what is stored on a computer or other
devices, you are examining a copy of the data and not the
original source. Forensic software that allows you to create
an image in this way means that you can examine a computer
or device without having to go through its operating system
or user interface. In doing so, you are bypassing any passwords
required to log on to a machine. Similarly, for mobile forensics,
such tools can extract data while bypassing pattern locks, PINs
or passwords.


Write Protection 
Prior to acquiring data from a GPS unit with Google 
Earth, you should ensure that your forensic machine
has USB write protection enabled. Because a GPS
unit also can function as a mass storage device, it is 
essential to make sure that no data on the device 
is changed. Rather than simply plugging the GPS de- 
vice into a USB port, you want to ensure that software 
write protection or a hardware write blocker is used to 
prevent any accidental modification of data. 

Write blockers allow read commands to pass from 
a computer to a storage device, but block any write com- 
mands. In doing so, you can safely access the drive to 
view its contents and/or collect data. With a hardware
blocker, the disk or device you are collecting evidence 
from plugs into a device that becomes a midway point be- 
tween the forensic workstation and the storage you are 
acquiring data from. The ability to block writes may also 
be included in other forensic hardware tools that are used 
to image or duplicate the data on the suspect device. 

There are also a number of software solutions that can 
be used to prevent your computer from writing to a stor- 
age device that you are collecting data from, such as a 
GPS device that is connected via a USB port. On a ma- 
chine running Windows, you can use write protection soft- 
ware like: 


• DSI USB Write Blocker (document-solutions.biz/downloads/?did=9)

• M2CFG USB Write Block (www.m2cfg.com/usb_writeblock.htm)

• NetWrix USB Blocker (www.netwrix.com/usb_blocker_freeware.html)

• Thumbscrew (www.irongeek.com/.php?page=security/thumbscrewsoftware-usb-write-blocker)


There are also a number of tools for Mac computers that 
provide write protection, allowing you to safely acquire 
data, such as: 


• Softblock (www.blackbagtech.com/software-products/softblock-1/softblock.html)

• Disk Arbitrator (https://github.com/aburgh/Disk-Arbitrator/downloads)


Tools Used to Acquire Evidence 

In addition to the tools we have already mentioned, there 
are a number of products available for digital forensics 
investigations, which are commonly used by law enforce- 
ment and companies specializing in data collection. Us- 
ing such suites of products, you will find that they have 
features and functions that will meet most of your needs 
throughout the process of acquiring, analyzing and reporting
on digital evidence.

Guidance Software (www.guidancesoftware.com) is
a company that creates a number of products used for 
digital forensics. The versions of EnCase are used to ac- 
quire evidence from hard drives, removable media (e.g., 
CDs, USB sticks, etc.), smartphones, tablets, GPS units 
and more. Using a GUI interface, the software can be 
used to acquire, analyze, and create reports to show what 
was found, where the data originated, details of files, and 
other pertinent facts that relate to your investigation. Once 
completed, you can have EnCase generate a report that 
can be provided to other investigators and the courts. 

Cellebrite (www.cellebrite.com) is another company that 
is well known for its commercial digital forensic products. 
Using their software and hardware, you can acquire and 
examine data from mobile phones, GPS units, tablets, and 
other devices, as well as memory cards. The tools available 
can be used for manual acquisition, where there is a need to 
take screenshots or images of data, and for acquiring exist- 
ing and deleted data from a device being examined. 

Cellebrite also has tools specifically designed for inves- 
tigations requiring the acquisition of data from GPS devic- 
es. Using these tools, you can extract data from portable 
GPS units like Tom Tom, Garmin and Mia, including any
GPS fixes that may have been previously deleted. Once 
you have acquired the files using tools like Cellebrite and 
EnCase, you can then import them into Google Earth for 
further analysis. 


File Converters 

While you can import GPS data into Google Earth, you 
are limited to files for Garmin and Magellan units. If files 
have been retrieved from other types of GPS devices, 
then you will need to convert them prior to importing them 
into GE. Once converted to a Garmin or Magellan format 
or a KML file, you can then import the data into GE. Some 
of the file converters available include: 


• GPSBabel (www.gpsbabel.org) is a freeware application
that runs on your computer, which converts waypoints,
tracks and routes to different formats.

• GPS Visualizer (www.gpsvisualizer.com/gpsbabel/),
which is a site that provides an online version of GPSBabel,
allowing you to upload and convert the file on
their site.

• TraceGPS (www.tracegps.com/en/convert.htm) is another
site that allows you to upload and convert files
from one format to another.

• GPS Data Team (http://tomtom.gps-data-team.com/poi/ov2-to-kml.php),
which is a site that can convert
OV2 files used by Tom Tom GPS devices to a format
used by Garmin devices.
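
The conversion step described above, as an added example that is not from the original chapter or from any of the listed tools: it converts a working copy of a track log to KML on the examiner's own machine and records the SHA-256 of the input in the KML folder description so the report can tie the output to the file it came from. GPX 1.1 as the input format, the function names and the case label are assumptions; the sample data is constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

GPX = "{http://www.topografix.com/GPX/1/1}"  # GPX 1.1 namespace (assumed input format)
KML_NS = "http://www.opengis.net/kml/2.2"

# Constructed sample track log; not taken from a real device or case.
SAMPLE_GPX = b"""<?xml version="1.0" encoding="UTF-8"?>
<gpx version="1.1" creator="constructed" xmlns="http://www.topografix.com/GPX/1/1">
  <wpt lat="32.1800" lon="-110.7400"><name>Trailhead</name></wpt>
  <trk><name>ACTIVE LOG</name><trkseg>
    <trkpt lat="32.2200" lon="-110.9700"><time>2015-03-01T15:02:11Z</time></trkpt>
    <trkpt lat="32.2000" lon="-110.8500"><time>2015-03-01T15:19:40Z</time></trkpt>
    <trkpt lat="32.1800" lon="-110.7400"><time>2015-03-01T15:41:05Z</time></trkpt>
  </trkseg></trk>
</gpx>
"""


def sha256_hex(data):
    """Hash of the working copy, recorded so the output can be tied to its input."""
    return hashlib.sha256(data).hexdigest()


def _coord(elem):
    """Read and range-check lat/lon; a bad fix raises instead of being dropped."""
    try:
        lat, lon = float(elem.get("lat")), float(elem.get("lon"))
    except (TypeError, ValueError):
        raise ValueError("missing or non-numeric lat/lon on %s" % elem.tag)
    if not (-90.0 <= lat <= 90.0 and -180.0 <= lon <= 180.0):
        raise ValueError("coordinate out of range: lat=%s lon=%s" % (lat, lon))
    return lat, lon


def parse_gpx(data):
    """Return waypoints and tracks from GPX bytes; the input is only read."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        # Evidence files are untrusted input: refuse DTDs instead of expanding entities.
        raise ValueError("GPX contains a DTD or entity declaration")
    root = ET.fromstring(data)
    waypoints = []
    for wpt in root.iter(GPX + "wpt"):
        name = wpt.findtext(GPX + "name", default="(unnamed)")
        waypoints.append((name, *_coord(wpt)))
    tracks = []
    for trk in root.iter(GPX + "trk"):
        name = trk.findtext(GPX + "name", default="(unnamed track)")
        points = [(*_coord(p), p.findtext(GPX + "time", default=""))
                  for p in trk.iter(GPX + "trkpt")]
        tracks.append((name, points))
    return {"waypoints": waypoints, "tracks": tracks}


def _q(tag):
    """Qualify a tag name with the KML namespace."""
    return "{%s}%s" % (KML_NS, tag)


def to_kml(parsed, source_sha256, case_label):
    """Build a KML case folder. KML coordinates are lon,lat,alt; GPX stores lat/lon."""
    ET.register_namespace("", KML_NS)
    kml = ET.Element(_q("kml"))
    folder = ET.SubElement(kml, _q("Folder"))
    ET.SubElement(folder, _q("name")).text = case_label
    ET.SubElement(folder, _q("description")).text = "Source SHA-256: " + source_sha256
    for name, lat, lon in parsed["waypoints"]:
        pm = ET.SubElement(folder, _q("Placemark"))
        ET.SubElement(pm, _q("name")).text = name
        point = ET.SubElement(pm, _q("Point"))
        ET.SubElement(point, _q("coordinates")).text = f"{lon:.6f},{lat:.6f},0"
    for name, points in parsed["tracks"]:
        pm = ET.SubElement(folder, _q("Placemark"))
        ET.SubElement(pm, _q("name")).text = name
        if points:
            span = f"{points[0][2]} to {points[-1][2]}"
            ET.SubElement(pm, _q("description")).text = (
                f"{len(points)} track points, {span}")
        line = ET.SubElement(pm, _q("LineString"))
        ET.SubElement(line, _q("coordinates")).text = " ".join(
            f"{lon:.6f},{lat:.6f},0" for lat, lon, _ in points)
    return ET.tostring(kml, encoding="unicode")


if __name__ == "__main__":
    digest = sha256_hex(SAMPLE_GPX)
    print(to_kml(parse_gpx(SAMPLE_GPX), digest, "Constructed Case - 0000"))
```

Run it against a copy of the acquired file, never the device itself, and save the printed KML for import into Google Earth.
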

DO YOU REALLY WANT TO DO THIS?
Just because you need the evidence does not mean that 
you should be the one to acquire it. Law enforcement 
may have a full-time digital or computer forensic examiner,
while a corporation or other organization may have someone
on staff (such as in the IT department) who is trained
in the collection of data using forensic methods and re- 
sources. Rather than doing the work yourself, you could 
have such a person collect the data for you, so you can 
work from a copy or image. 

If you are not part of a formal investigation, you should
ask why you are doing the work and where it might lead. 
Anyone using Google Earth has the ability to import and 
examine GPS data from a portable device, and retrieving 
and reviewing this information might be used for person- 
al or non-investigative reasons. However, depending on 
what you find, that data may eventually become evidence 
in a court case, and how it was collected might be held to 
a higher standard. For example: 


• A manager could import GPS data into Google
Earth to review where an employee traveled during
work hours. Is he or she traveling to meeting locations,
customer offices and other work-related places,
or visiting a bar or the beach? Looking at the GPS
data would reveal where that employee goes, and if it
was found the person was not doing their job, it could
result in termination of employment. However, if the
former employee challenged being fired and sued,
then the data and methods of acquiring the GPS data
could be questioned in civil litigation.

• If a friend was concerned that his/her spouse or
significant other was cheating, you could examine
where a portable GPS unit was taken in Google
Earth. In doing so, you might confirm your friend’s
suspicions, but what if your findings became the
basis for a divorce? What was a simple perusal of
a person’s goings on has now become evidence in
a divorce case.


As you can see from these scenarios, a simple look-see
can quickly change. When you acquire and examine 
any data, you should always assume that it could even- 
tually become part of a criminal or civil case. Because 
of this, you should always try to follow best practices of 
data collection, documentation, and follow any proce- 
dures or policies created by your organization. By treat- 
ing the acquisition of any data as a formal investigation, 
you will maintain good habits in the collection and anal- 
ysis of evidence, and be prepared if you have to testify 
about it later.

ORGANIZING YOUR CASE

When working on a geo-forensic case in Google Earth,
keep your work organized so that it is easy to retrieve and
share, so that you can recover from mistakes and, most
importantly, so that you can maintain a consistent workflow.
A recommended way to do this is to create case folders in Google
Earth. It is suggested that an investigator create two types
of folders when working a case in Google Earth:


• A case folder in the “My Places” top level directory for
eventual case dissemination

• A “temporary” folder in the “Temporary Places” top level
directory for experimenting and developing your work.

Figure 1. Adding a folder

Creating a folder in Google Earth is done by right-clicking
on one of the top level directories, and when the context
menu shown in Figure 1 appears, select Add and then
click Folder. 

Once you have created a folder, you are greeted with 
a dialog window to edit the settings of the folder. These 
settings are as follows. 


• Name. Here is where you set the name of the folder.
It is recommended that you use a consistent nomenclature
for your particular organization. For instance
<case name> — <case number>

• Description. You can give the folder a description
of what it contains and a preview of this will appear
below the folder. The description can also include
links, photos and other HTML tags. This is covered
in the previous chapters, as well as in Chapter 6.

• Style, color. This option becomes available once
there are icons within the folder you are creating
or any subfolders of the created folder. The option
is used to create a universal color and label style
in this folder and all its children.

• View. This option is used for creating one viewing angle
for each of the placemarks contained in the folder.
Once a view is set for a folder, double clicking on
it will reset the view to match what was set. Setting
the view will be covered in a section in Chapter 6.


[Screenshot of the Places panel showing the folder tree below.]

Google Earth For Forensics
    This folder contains the final case work for the course ready for
    delivery to an OIC or Prosecuting Attorney.

    Victim's Home and Route
        This folder contains placemarks and information pertaining to
        the victim's home and route to Saguaro National Park,
        including relevant reports.

    Saguaro National Park
        This folder contains all the geolocation data pertaining to
        the scene at Saguaro National Park, including reports,
        measurements and location of recovered data.

Temporary Places
    Google Earth For Forensics (same subfolders and descriptions as above)


Figure 2. Folder structure template 


In Chapter 6, we will work with a scenario to use the 
knowledge you have acquired throughout this book. For the 
purposes of our scenario for this course and to get you fa- 
miliar with organizing your work, create the following struc- 
ture by adding folders in My Places and Temporary Places. 
In using this template structure, it is encouraged that you 
change the template and narrative contained in the descrip- 
tion to suit the needs of your agency (Figure 2). 


Custom Icons 
As we mentioned in Chapter 2, when creating placemarks, 
the Style, Color tab of the Properties dialog can be used to 
select a unique icon for each placemark. Using different 
icons makes your placemarks stand out from one another 
in the 3D viewer, and can provide an effective graphic rep- 
resentation of why a location is important and/or what was 
found there (e.g., a crime scene, remains, evidence, etc.). 
As we will discuss in Chapter 6, you can select an icon 
from a library of icons that is included with Google Earth, 
or add a custom icon. Because you may find the ones in- 
cluded with GE limited, it may be useful to look at online 
resources, and take the time to choose ones that suit your 
purpose. A good site for custom icons is the Map Icons 
Collection (http://mapicons.nicolasmollet.com), which has
hundreds of free icons that can be downloaded and used 
in your project. Other useful sites include: 


¢ The Google Developers site (http://code.google. 
com/p/googlemaps-icons/downloads/list) 

¢ Mapito (htto:/www.mapito.net/map-marker-icons. html) 

¢ Benjamin Keen (http:/www.benjaminkeen.com/?p=105) 
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Enabling Access to Local Files 

Google Earth is set up natively to access the Internet to
pull down content like map data or external files and pictures.
But in digital forensics, allowing Internet access by
a program containing case data is generally considered to
be a poor idea. It is useful, however, to use Google Earth's
ability to link to other files such as report PDFs
or scene photographs. Below is the procedure for allowing
Google Earth to link to files local to the examiner’s
machine (Figure 3).


1. From the Tools menu, click the Options menu
item (on a Mac click Preferences).

2. Click the General tab, and (as shown in the following 
figure) locate the Placemark Balloons section. 

3. Click the Allow access to local files and personal data 
checkbox so it appears checked. 

4. Accept the warning saying that access to local files
might be risky, and click OK.


[Screenshot: General tab of the Google Earth preferences dialog. The Placemark balloons section contains the "Allow access to local files and personal data" checkbox.]

Figure 3. Enable placemark balloon local access
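
The following added example (not from the original chapter) audits a case KML file for references that would make Google Earth reach out over the network, as opposed to links to files on the examiner's machine. The sample KML, file paths and host names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

KML = "{http://www.opengis.net/kml/2.2}"

# Constructed sample: one placemark linking only to local case files,
# one pulling an icon and a photo from (placeholder) Internet hosts.
SAMPLE_KML = """<kml xmlns="http://www.opengis.net/kml/2.2"><Document>
<Folder><name>Saguaro National Park</name>
 <Placemark><name>Scene report</name>
  <description><![CDATA[<a href="file:///C:/Cases/0001/scene_report.pdf">Report</a>
   <img src="photos/scene_01.jpg"/>]]></description>
  <Point><coordinates>-110.73,32.18,0</coordinates></Point>
 </Placemark>
 <Placemark><name>Recovered phone</name>
  <Style><IconStyle><Icon>
   <href>http://icons.example.invalid/phone.png</href>
  </Icon></IconStyle></Style>
  <description><![CDATA[<img src="https://img.example.invalid/p.jpg"/>]]></description>
  <Point><coordinates>-110.74,32.19,0</coordinates></Point>
 </Placemark>
</Folder></Document></kml>"""

# href/src attributes inside the HTML of a balloon description
ATTR_RE = re.compile(r"""(?:href|src)\s*=\s*["']([^"']+)["']""", re.I)

def classify(ref):
    """'network' if opening the reference leaves the machine, else 'local'."""
    ref = ref.strip()
    parsed = urlparse(ref)
    if parsed.scheme.lower() in ("http", "https", "ftp"):
        return "network"
    # file://server/share/..., //server/... and \\server\... are network shares
    if parsed.netloc or ref.startswith(("//", "\\\\")):
        return "network"
    return "local"  # file:///..., drive-letter and relative paths

def audit_kml(kml_text):
    """Return [(placemark name, reference, 'network'|'local'), ...]."""
    # For KML from an untrusted source, parse with a hardened parser
    # (e.g. the defusedxml package) instead of the stdlib one.
    root = ET.fromstring(kml_text)
    findings = []
    for pm in root.iter(KML + "Placemark"):
        name = pm.findtext(KML + "name", default="(unnamed)")
        refs = [h.text.strip() for h in pm.iter(KML + "href") if h.text]
        refs += ATTR_RE.findall(pm.findtext(KML + "description", default=""))
        findings += [(name, r, classify(r)) for r in refs]
    return findings

if __name__ == "__main__":
    for name, ref, kind in audit_kml(SAMPLE_KML):
        print(f"{kind:8} {name}: {ref}")
```

Any reference reported as network should be replaced with a copy stored alongside the case file before the KML is opened on the examination machine.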


UNDERSTANDING WHAT YOU ARE LOOKING AT 
When navigating through areas in Google Earth, it is im- 
portant to realize that much of what is shown is not cur- 
rent. Some images may be recent, but others may be 
weeks, months or even years old. According to Google, 
most of the imagery you see is approximately 1-3 years
old. As such, buildings that have been torn down may ap- 
pear in GE, while those recently built are not visible. Simi- 
larly, the Street View does not contain real-time footage, 
so a familiar area may appear outdated as you take a vir- 
tual walk down the street. In using this tool, it is important 
to remember that what is displayed may not be an accu- 
rate representation of what is there now. 


Why is He Blurry? 


In Chapter 1, we mentioned that if you notice blurred imagery
in GE, it may be due to slow or poor connections
to the Internet. That being said, you can expect to see
some blurred areas when viewing an area in Street View. 
To protect a person’s privacy, Google uses an algorithm 
that will automatically blur a person’s face and the license 
plates of vehicles so they cannot be identified. 


Blocked Content 
Generally, when you use Street View, you will not be able 
to access areas beyond the street. In other words, you will 
not be able to explore a mall's parking lot, private roads, 
empty fields, and so on. The reason for this is that Google 
uses a car with a panoramic camera on top of it to take 
photos as it drives down the street. It does not go off road 
to take photos, so you are limited to what is visible from 
the roadway. An exception to this is when a point of interest
like Universal or Disney theme parks permits Google to
enter and take digital photos of what is inside. Doing so
allows you to take a virtual journey through that location.
Another time when you will notice missing content is
when Google removes something that is considered inappropriate.
An example of this is when you try to visit
105 Temperance Street in Manchester, England, where
you will find that you are prevented from navigating down
a section of that roadway. The reason is that when the
Google car drove by, the 15-lens panoramic camera captured
multiple angles of a man and woman engaged in
a sex act. The area was known for prostitution, and once
it was discovered a salacious transaction had been photographed,
Google blurred and later deleted the images.


Misinterpreted Content 

While Google has captured unsavory and illegal acts on 
camera, and even used aerial imagery showing a crime 
scene, there are also times where people have mistakenly 
interpreted what is shown. An example of this occurred on 
Middle Road in St John’s, Worcester, England when the 
Google car photographed a young girl lying face down in 
the road, with one shoe cast off in the gutter. When the 
images became available the next year, users of Google 
Maps and Google Earth were shocked to see what ap- 
peared to be a dead girl. Fortunately, things were not what 
they seemed. The 9-year-old was simply playing a prank 
on her friend, and had been unaware that Google had 
snapped her picture. Before you try looking for the imag- 
ery on Google Earth, you should be aware that they have 
already blurred and deleted images, preventing you from 
navigating down that road. 


Removing Content 


Problems related to what appears in Google Earth and
Google Maps can be reported to the company, which
may result in images being blurred, replaced or removed.
To report an issue, you can use Google Maps (https://maps.google.com)
to navigate to a particular location. Enter
an address, and zoom into a location. When you are
viewing a map or satellite image and spot a problem, you 
can click on the Report a problem link to display a dia- 
log box that allows you to notify Google about incorrect 
road information, addresses, places, directions, or other 
issues. By clicking on the Other Problems link, you can 
report issues with satellite imagery, Street View, or other 
problems. 

For Street View, anyone can report inappropriate con- 
tent, or request that a location or person is blurred. Ac- 
cessing Street View in Google Maps is the same as in 
Google Earth. You would navigate to a location and either 
zoom in as far as you can until it switches to Street View, 
or drop the pegman icon onto a location. Once you are in 
Street View, you will see a Report a problem
link in the lower right-hand corner. Upon clicking this,
a separate browser window will open, where you can re- 
port inappropriate content. Once this window opens, you 
will see a picture of what you were looking at in Street 
View, which you can adjust to focus on a particular part of 
the image. You can then request that a face, your home, 
car or license plate, or a different object is blurred. While 
you have reported the issues using Google Maps, the 
changes will also appear in Google Earth. 


Google Earth Forensics 
Using Google Earth Geo-Location 
in Digital Forensic Investigations 


by Michael Harrington and Michael Cross 


http://store.elsevier.com/


Could Turn the Engines
off at 35,000 Feet 





In my previous column, I highlighted the hidden threats that
technology can engender if the supply chain is compromised. Sadly, 
with the detention and interrogation of Chris Roberts of the Colorado- 
based One World Labs, even exposing the more obvious threats seems 
to bring paranoia and panic as a response. 


identified weaknesses in the in-flight entertainment
systems of aircraft that to quote Roberts
“could turn the engines off at 35,000 feet” has been pulled 
off a flight, no doubt detained in some dreary room at Syr- 
acuse airport to be grilled about his knowledge. To add 
insult to injury, the FBI forensically examined the plane to 
check if anything had been compromised. All ironically in 
the face of Roberts’ TSA (Transportation Security Administration)
clearance and pro-actively working with the intelligence
community to expose and help mitigate these types
of risks. Maybe it was the recent article on Fox News that
brought this disproportional response, but it is clearly apparent
that the established order are acting like an injured
animal biting the hand of the veterinarian trying to treat its 
wounds. Welcome to the particularly non-exclusive club of 
the persecuted whistle-blower Chris, as you have discov- 
ered to your cost the idiom of “No good deed goes unpun- 
ished” is alive and well in the 21st century. 

Where the decision to take this action originated from is 
unclear, so it would be unfair to blame any of the alpha- 
bet and law enforcement agencies involved. No doubt if 
pressed, the Nuremberg defence will be rolled out again 
— after all, orders are orders and the responsibility lies fur- 
ther up the chain of command. It is a pity that 70 years 
after the close of the Second World War we still struggle
with the unresolved tensions of personal versus corporate 
and institutional responsibility. Ironically, the larger and 
more expansive the organisation, the more dilute freedom 
to make autonomous decisions becomes and to take any
responsibility harder still. After all, it is the first duty of the
professional to toe the line when it comes to policy, and 
any dissent is looked upon as insubordination, disloyalty 
or just sheer rebellion. And we wonder why there are so 
many injustices and inequalities — faced with the institu- 
tionalised tar pit of policy, box ticking exercises, “lessons 
being learned” and enquiries that are loaded from the 
start, it is little wonder that few brave souls muster sufficient
courage and gumption to raise their heads above the
parapet. And of course, there is always the added benefit 
of being branded a crank, having your motives criticised 
or even more worryingly a concerted attack on your char- 
acter and exposure of past mistakes by the media or the 
intelligence services. Dig deep enough and you will find 
dirt on anyone, but it takes a particular form of pond-life 
to twist this reality and use it to obscure the fundamental 
truth that the credible whistle-blower is attempting to ex- 
pose. Hopefully, Chris Roberts will be rewarded with an 
apology, but I somewhat suspect that if this story gains
more traction the tactic of shooting the messenger will be 
brought into play. 

Unequivocally, airline safety must be a top priority for 
governments and the industry to address. Flying at 35,000 
feet in an aluminium tube constructed by the lowest bid- 
der (Thanks Steve Buscemi of Armageddon fame for the 
quote) has an unnerving effect on many. The industry is 
notoriously sensitive to wars, terrorist action, economic 
conditions and global geo-politics negatively affecting revenue
and profit streams. The profit margins per passenger
are generally extremely low, so anything that dents
consumer confidence can have a major effect on the bottom
line. The trend for corporates implementing home
working and telecommuting has created a schism within 
the industry where major investment has been made to 
attract first-class travellers (with their corresponding large 
wallets) and a reduction or elimination of business class 
accommodation, leading to an almost 2-tier system. The
remaining bulk of passengers are not frequent flyers, and 
the substantial proportion of this travel is closely knit to 
the vacation and travel industry. Any panic can potential- 
ly lead an airline to bankruptcy as has happened many 
times in the past, with the corresponding financial carnage 
filtering down to hotel chains, car rental businesses and 
small family-run hotels. Despite the irony that it is statisti- 
cally more dangerous to get in a car or cross the road than 
fly across the world, perceptions are fickle so it is under- 
standable from the commercial angle (although unforgiv- 
able from a risk management or ethical perspective) as to 
why such a hard line is being taken. 

Good risk management at its core must foster a culture 
of trust and openness, if not reward. While it is beyond ar- 
gument that certain sensitive details should be kept well 
away from parties that could exploit these weaknesses 
for gain, the old problem of leverage raises its ugly head. 
What do you do if a vulnerability is discovered and you 
inform the software developer or manufacturer confiden- 
tially but they bury their heads in the sand? Do you go 
public? Quietly reassure yourself that you have done your 
best but let it lie? Go to the top of the organisation in the 
hope that those in a position of responsibility will act? 
Large organisations suffer from a peculiar type of inertia 
when facing such crises, and the results are not pretty — 
especially when you have a business sector so closely 
regulated by government. Batten down the hatches, wear 
Teflon coating and pray that the problem goes away. 

This is not the way it should be. Either the airline indus- 
try wants the help of the white hats and as a result takes 
them and their analysis seriously, or undermines genuine 
efforts to be a part of the solution and becomes a part of 
the problem itself — immediately playing into the hands of 
the black hats by giving them strategic advantage. Never
has the maxim “It takes one to know one” been more relevant.
All the policies, governance and PR machinery available
will not identify security weaknesses, only the sharp-eyed
forensics and security analyst with experience, the
relevant technology and carte blanche to examine the 
organisation as a whole from every conceivable angle. 
This incident is more reminiscent of a “Blue on Blue” or 
“Friendly fire” scenario than one that reinforces trust and 
partnership between business, white hats and law en- 
forcement repelling a common enemy. This is the danger 
where an offence is classified as strict liability — the law 
does not consider the mens rea or state of mind of the 
defendant. Those concerned may think that the remov- 
al of Chris Roberts from the flight was judicious and pro- 
portionate, but others may have second thoughts when it 
comes to reporting issues from now on. Under similar cir- 
cumstances, rather than approaching the media, maybe 
the better approach is to befriend a long-time experienced 
airline pilot — like few others they understand the true risks 
of flying. Or if you are of a more delicate composition, just 
quietly forget about it. 

I have no doubt that One World Labs and Chris Roberts
in particular will take this breach of common sense on the 
chin. It goes with the territory, for the world of intelligence 
services, law enforcement, forensic and penetration secu- 
rity traditionally attract knee jerk and emotional reactions 
from the uninformed. But until the commercial sector has 
the courage to embrace bad news exposed at even the 
most public systems level, it will continue to find that solu- 
tions to problems buried much deeper below the surface 
will evade their grasp. Despite years of denial even the 
behemoth Microsoft has realised that this is not a sustain- 
able long term strategy. 

